Weekly Vulnerabilities Reports > June 27 to July 3, 2005
Overview
31 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 21 products from 18 vendors including Ubbcentral, Realnetworks, ASP Nuke, SUN, and Active WEB Softwares. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "NULL Pointer Dereference", "Cross-Site Request Forgery (CSRF)", and "Cleartext Transmission of Sensitive Information".
- 24 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 31 reported vulnerabilities are exploitable by an anonymous user.
- Ubbcentral has the most reported vulnerabilities, with 5 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
8 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-06-29 | CVE-2005-2080 | Symantec Veritas | Remote Agent for Windows Servers Privilege Escalation vulnerability in Veritas Backup Exec Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server. | 7.5 |
| 2005-06-29 | CVE-2005-2067 | ASP Nuke | SQL Injection vulnerability in ASPNuke Article.ASP SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | 7.5 |
| 2005-06-29 | CVE-2005-2066 | ASP Nuke | SQL Injection vulnerability in Asp-Nuke 0.80 SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | 7.5 |
| 2005-06-29 | CVE-2005-2062 | Active WEB Softwares | SQL Injection vulnerability in Active web Softwares Activebuyandsell 6.2 Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp. | 7.5 |
| 2005-06-29 | CVE-2005-2058 | Ubbcentral | SQL-Injection vulnerability in UBB.threads Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | 7.5 |
| 2005-06-28 | CVE-2005-2051 | Symantec Veritas | Remote Buffer Overflow vulnerability in Veritas Backup Exec Web Administration Console Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. | 7.5 |
| 2005-06-28 | CVE-2005-0772 | Veritas | NULL Pointer Dereference vulnerability in Veritas Backup Exec VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference. | 7.5 |
| 2005-06-29 | CVE-2005-2072 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Solaris and Sunos The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. | 7.2 |
17 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-06-29 | CVE-2005-2057 | Ubbcentral | Cross-Site Scripting vulnerability in UBB.threads Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. | 6.8 |
| 2005-06-29 | CVE-2005-2059 | Ubbcentral | Cross-Site Request Forgery (CSRF) vulnerability in Ubbcentral Ubb.Threads Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | 6.5 |
| 2005-06-29 | CVE-2005-2054 | Realnetworks | Remote Security vulnerability in RealPlayer Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file. | 5.1 |
| 2005-06-28 | CVE-2005-2052 | Realnetworks | Remote Security vulnerability in RealPlayer Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. | 5.1 |
| 2005-06-28 | CVE-2005-1766 | Realnetworks | Unspecified vulnerability in Realnetworks Realplayer Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file. | 5.1 |
| 2005-06-30 | CVE-2005-2069 | Padl | Cleartext Transmission of Sensitive Information vulnerability in Padl NSS Ldap and PAM Ldap pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | 5.0 |
| 2005-06-29 | CVE-2005-2070 | Sendmail | Remote Denial Of Service Weakness in Sendmail Milter The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. | 5.0 |
| 2005-06-29 | CVE-2005-2065 | ASP Nuke | Unspecified vulnerability in Asp-Nuke 0.80 HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. | 5.0 |
| 2005-06-29 | CVE-2005-2064 | ASP Nuke | Cross-Site Scripting vulnerability in Asp-Nuke 0.80 Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp. | 5.0 |
| 2005-06-29 | CVE-2005-2061 | Ubbcentral | Remote Security vulnerability in UBB.threads Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | 5.0 |
| 2005-06-29 | CVE-2005-2060 | Ubbcentral | Remote Security vulnerability in UBB.threads Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. | 5.0 |
| 2005-06-29 | CVE-2005-2055 | Realnetworks | Remote Security vulnerability in RealPlayer RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers". | 5.0 |
| 2005-06-28 | CVE-2005-2053 | Salims Softhouse | Information Disclosure vulnerability in JAF CMS Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. | 5.0 |
| 2005-06-28 | CVE-2005-2050 | TOR | Remote Security vulnerability in Tor Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space. | 5.0 |
| 2005-06-29 | CVE-2005-2071 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10.0 traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . | 4.6 |
| 2005-06-29 | CVE-2005-2077 | Hosting Controller | Cross-Site Scripting vulnerability in Hosting Controller Error.ASP Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 4.3 |
| 2005-06-29 | CVE-2005-2063 | Active WEB Softwares | Cross-Site Scripting vulnerability in Active web Softwares Activebuyandsell 6.2 Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp. | 4.3 |
6 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-06-29 | CVE-2005-2056 | Clam Anti Virus | Quantum Decompressor Denial Of Service vulnerability in Clam Anti-Virus Clamav 0.85/0.85.1/0.86 The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. | 2.6 |
| 2005-06-29 | CVE-2005-2078 | Sofotex | Remote Denial Of Service vulnerability in Sofotex Bisonftp V4R1 BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument. | 2.1 |
| 2005-06-29 | CVE-2005-2076 | HP | Unspecified vulnerability in HP Version Control Repository Manager HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen. | 2.1 |
| 2005-06-29 | CVE-2005-2073 | IBM | Local Security vulnerability in DB2 Universal Database Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. | 2.1 |
| 2005-06-29 | CVE-2005-0201 | D BUS | Local Privilege Escalation vulnerability in D-BUS Session Bus D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket. | 2.1 |
| 2005-06-28 | CVE-2005-1759 | Shtool | Unspecified vulnerability in Shtool Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751. | 1.2 |